205 matches found
CVE-2026-7747
CVE-2026-7747 affects Totolink N300RH (firmware 3.2.4-B20220812). The vulnerability lies in the Parameter Handler’s file /cgi-bin/cstecgi.cgi, specifically the loginauth function where manipulating the Password argument can cause a buffer overflow. It is network-borne with no authentication requi...
WordPress Advanced Classifieds & Directory Pro plugin <= 3.2.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Advanced Classifieds & Directory Pro versions <= 3.2.4...
sfx (=0.1.0) potentially affected by CVE-2026-34379 via openexr (=3.2.4)
openexr PYPI version =3.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - sfx =0.1.0 Source cves: CVE-2026-34379 Source advisory: SNYK:PYTHON-OPENEXR-15993246...
openSUSE 16 Security Update : freeciv (openSUSE-SU-2026:20423-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20423-1 advisory. Changes in freeciv: - freeciv 3.2.4: CVE-2026-33250: Fix a vulnerability allowing remote crashing of the server boo1260036 SDL2 client: Fix crash on...
CVE-2026-32372
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <=...
freeciv-3.2.4-1.1 on GA media (moderate)
freeciv-3.2.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:10401-1 Rating: moderate Cross-References: CVE-2026-33250 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the freeciv-3.2.4-1.1...
CVE-2026-4314
The CVE concerns The Ultimate WordPress Toolkit – WP Extended plugin for WordPress (up to version 3.2.4). In the Menu Editor module, isDashboardOrProfileRequest() uses an insecure strpos() check against $_SERVER['REQUEST_URI'] to detect dashboard/profile requests. The grantVirtualCaps() function ...
CVE-2026-32372 WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 3.2.4 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <=...
CVE-2026-2466 DukaPress <= 3.2.4 - Reflected XSS
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2026-27367
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Musico musico allows Reflected XSS. This issue affects Musico: from n/a through 3.4.5...
CVE-2026-27367 WordPress Musico theme < 3.4.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Musico musico allows Reflected XSS. This issue affects Musico: from n/a through 3.4.5...
PT-2026-23247
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Musico musico allows Reflected XSS. This issue affects Musico: from n/a through <= 3.2.4...
WordPress Musico theme <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Musico versions <= 3.2.4...
CVE-2026-24375
Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Gift Cards For WooCommerce: from n/a through <= 3.2.4...
CVE-2026-24375 WordPress Ultimate Gift Cards For WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Gift Cards For WooCommerce: from n/a through <= 3.2.4...
WordPress plugin Ultimate Gift Cards For WooCommerce security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
CVE-2026-1303
The Patchstack entry documents a vulnerability in WordPress MailChimp Campaigns plugin (versions
WordPress plugin MailChimp Campaigns security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2025-12540 ShareThis Dashboard for Google Analytics <= 3.2.4 - Unauthenticated Google Analytics Data Exposure
The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics clientID and clientsecret being stored in plaintext in the publicly visible plugin source. This can...